From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 268976] Traffic will not route across two bridges on the same /8
Date: Sun, 15 Jan 2023 22:34:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268976

            Bug ID: 268976
           Summary: Traffic will not route across two bridges on the same /8
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rtyler@brokenco.de

When setting up a network topology with FreeBSD vnet jails, I found that I was
unable to route traffic between jails attached to two different bridge
interfaces. It appears that if bridge0 and bridge1 share the same /8, traffic
will not route between them correctly.

Using the following topology as an example:

                   +-------+
                   | world |
                   +-------+
                       |
                    vtnet0
                       |
                    pf/nat
    +---------------+      +-------------------+
    | dmz (bridge0) |      | private (bridge1) |
    +---------------+      +-------------------+
      * http                 * db
      * git

When bridge0 is 10.10.1.1/24 and bridge0 is 10.200.2.1/24, traffic will *not*
route properly between the `http` and the `db` jails. However, if bridge1 is
`192.168.100.1/24`, then traffic will route properly between the two jails.

Basically any configuration of bridge1 to be under 10.xx.xx.xx resulted in
traffic not routing properly.

Below are some configuration files from the test VM:

jail.conf
------------------------------------
persist;
mount.devfs;
path = "/jails/$name";
host.hostname = $name;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.clean;
vnet;

$dmz = "bridge0";
$dmz_gw = "10.10.1.1";

$private = "bridge1";
#$private_gw = "10.10.2.1";
$private_gw = "192.168.100.1";

http {
    $id = "0";
    $ip = "10.10.1.80";
    vnet.interface = "epair${id}b";

    exec.prestart = "ifconfig epair${id} create up";
    exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart += "ifconfig ${dmz} addm epair${id}a up";

    exec.start = "/sbin/ifconfig epair${id}b ${ip}";
    exec.start += "/sbin/route add default ${dmz_gw}";
    exec.start += "/bin/sh /etc/rc";

    exec.poststop = "ifconfig ${dmz} deletem epair${id}a";
    exec.poststop += "ifconfig epair${id}a destroy";
}

db {
    $id = "1";
    # For reproducing the bug
    #$ip = "10.10.2.32";
    $ip = "192.168.100.32";
    vnet.interface = "epair${id}b";

    exec.prestart = "ifconfig epair${id} create up";
    exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart += "ifconfig ${private} addm epair${id}a up";

    exec.start = "/sbin/ifconfig epair${id}b ${ip}";
    exec.start += "/sbin/route add default ${private_gw}";
    exec.start += "/bin/sh /etc/rc";

    exec.poststop = "ifconfig ${private} deletem epair${id}a";
    exec.poststop += "ifconfig epair${id}a destroy";
}

git {
    $id = "2";
    $ip = "10.10.1.3";
    vnet.interface = "epair${id}b";

    exec.prestart = "ifconfig epair${id} create up";
    exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
    exec.prestart += "ifconfig ${dmz} addm epair${id}a up";

    exec.start = "/sbin/ifconfig epair${id}b ${ip}";
    exec.start += "/sbin/route add default ${dmz_gw}";
    exec.start += "/bin/sh /etc/rc";

    exec.poststop = "ifconfig ${dmz} deletem epair${id}a";
    exec.poststop += "ifconfig epair${id}a destroy";
}
------------------------------------

rc.conf
------------------------------------
hostname="vnet-test"
ifconfig_vtnet0="DHCP"
#ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
sendmail_enable="NONE"

# Networking and Jails
jail_enable="YES"
pf_enable="YES"
gateway_enable="YES"
cloned_interfaces="bridge0 bridge1"
ifconfig_bridge0="inet 10.10.1.1/24"
ifconfig_bridge1="inet 192.168.100.1/24"
# Using this network results in not being able to route
# Make sure to update /etc/jail.conf for the db jail when changing
#ifconfig_bridge1="inet 10.10.2.1/24"
------------------------------------

pf.conf
------------------------------------
extif="vtnet0"
dmz="bridge0"
private="bridge1"

scrub in all fragment reassemble

nat on $extif from $dmz:network to any -> ($extif)
nat on $extif from $private:network to any -> ($extif)
------------------------------------
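
One check worth running against this configuration, as an added example that is not part of the original report: the jail.conf above assigns the jail addresses without a prefix length, while the bridges carry /24. Assuming ifconfig falls back to the historical classful mask when none is given (an assumption of this sketch, as are all function names in it), the code computes whether the `http` jail would treat the `db` address as on-link or send it to its default gateway.

```python
import ipaddress

def classful_prefix(ip):
    """Prefix length of the historical class A/B/C default mask for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is not a class A/B/C unicast address")

def effective_network(addr):
    """Network a host derives from an address given with or without '/prefix'."""
    if "/" in addr:
        return ipaddress.ip_interface(addr).network
    # Assumption: no prefix on the command line means the classful default mask.
    return ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}", strict=False)

def next_hop(src_addr, gateway, dst):
    """'on-link' if dst lies inside the source's own network, else the gateway."""
    if ipaddress.ip_address(dst) in effective_network(src_addr):
        return "on-link"
    return gateway

# Addresses taken from the report's jail.conf: (http address, db address)
# for the two bridge1 variants it describes.
CASES = {
    "bridge1 in 10.10.2.0/24": ("10.10.1.80", "10.10.2.32"),
    "bridge1 in 192.168.100.0/24": ("10.10.1.80", "192.168.100.32"),
}

def report(dmz_gw="10.10.1.1"):
    """Map each variant to the next hop the http jail would pick for the db jail."""
    return {name: next_hop(src, dmz_gw, dst) for name, (src, dst) in CASES.items()}

if __name__ == "__main__":
    for name, hop in report().items():
        print(f"{name}: http reaches db via {hop}")
    # Same source address, but with the prefix length the bridge uses.
    print("explicit /24:", next_hop("10.10.1.80/24", "10.10.1.1", "10.10.2.32"))
```

Under that assumption the 10.10.2.32 destination is classified as on-link, so the jail would try to resolve it directly on bridge0 rather than hand it to 10.10.1.1; running `ifconfig` and `netstat -rn` inside the jail shows the mask and routes actually in effect.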